[Pkg-samba-maint] r1433 - trunk/samba/debian/patches

[bubulle at alioth.debian.org]

Author: bubulle
Date: 2007-05-30 21:19:10 +0000 (Wed, 30 May 2007)
New Revision: 1433

Modified:
   trunk/samba/debian/patches/smbmount-unix-caps.patch
Log:
More comment about this patch


Modified: trunk/samba/debian/patches/smbmount-unix-caps.patch
===================================================================
--- trunk/samba/debian/patches/smbmount-unix-caps.patch	2007-05-30 21:17:02 UTC (rev 1432)
+++ trunk/samba/debian/patches/smbmount-unix-caps.patch	2007-05-30 21:19:10 UTC (rev 1433)
@@ -1,6 +1,6 @@
 Goal: respect requests for uid-flattening mount options by disabling Unix permissions handling in the kernel driver
 
-Fixes: ?
+Fixes: #310982
 
 Status wrt upstream: Forwarded on 2007/05/30
 
@@ -8,6 +8,27 @@
 
 Note: Part of no-longer maintained smbfs stuff
 
+This patch is the stopgap that was implemented immediately prior to the
+sarge release in response to the security issue with the kernel ignoring
+uid,gid mount options when the server supported unix capabilities.  The
+corresponding changelog entry was:
+
+ samba (3.0.14a-4) unstable; urgency=high
+
+   [...]
+   * Patch smbmount to strip CAP_UNIX out of the capabilities passed to
+     the kernel when uid, gid, dmask, or fmask options have been
+     specified; this keeps the mount permissions from changing out from
+     under the user when upgrading to a server (or to a kernel) that
+     supports unix extensions.  Closes: #310982.
+   [...]
+
+This issue has since been resolved in the kernel.  The patch should not be
+included upstream in Samba, and should be dropped from the Debian packages
+as well just as soon as someone has time for testing it (or, y'know, as soon
+as we stop shipping mount.smbfs altogether).
+
+
 Index: samba-3.0.25a/source/client/smbmount.c
 ===================================================================
 --- samba-3.0.25a.orig/source/client/smbmount.c	2007-05-26 07:46:33.884647544 +0200